[Samba] Samba-2.2.8a /LDAP can't join domain

Chris McKeever cgmckeever at prupref.com
Sat Jul 12 03:49:58 GMT 2003


Join the club!
One thing I found is that if I don't have the master browser set up correctly
(domain logons = yes master browser = yes), then I get that message as well.

Are your logs showing anything?

> -----Original Message-----
> From: PHELPS, SCOTT [mailto:SPHELPS at ridgways.com]
> Sent: Friday, July 11, 2003 8:32 PM
> To: samba at lists.samba.org
> Subject: [Samba] Samba-2.2.8a /LDAP can't join domain
> 
> 
>  
>  
> -----Original Message-----
> From: Scott Phelps [mailto:sphelps at ridgways.com] 
> Sent: Friday, July 11, 2003 9:19 PM
> To: 'samba at lists.samba.org'
> Subject: Samba-2.2.8a & LDAP - Can't join Domain - SID mapping error
>  
> Hi everyone,
> I am at my wits end and am hoping one of you can help me out.
>  
> I am getting the following error when attempting to join a
> Windows XP/2000 machine to the domain:
>  
> "The following error occurred attempting to join the domain 
> "MY_DOMAIN"
> No mapping between account names and security IDs was done."
>  
> Running Gentoo Linux
> Samba 2.2.8a
> OpenLDAP 2.0.27
>  
> I performed the following registry hacks:
> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
> "requirestrongkey"=dword:00000000
> "requiresignorseal"=dword:00000000
> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
> "requirestrongkey"=dword:00000000
> "requiresignorseal"=dword:00000000
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
> "requirestrongkey"=dword:00000000
> "requiresignorseal"=dword:00000000
>  
> I am attempting to join the domain as root.
> root was added via smbpasswd -a root
> domain admin group = root    Was placed in my smb.conf
> I set up a fake root user this way in LDAP:
> dn: uid=root,ou=People,dc=virginiabeach,dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaAccount
> uidNumber: 0
> gidNumber: 0
> homeDirectory: /home/root
> loginShell: /bin/bash
> gecos: root
> shadowLastChange: 0
> shadowMax: 0
> shadowWarning: 0
> userPassword: {SSHA}GN3hrCs7c8Kgd93df23838hHH
> uid: root
> pwdLastSet: 1057974221
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 2147483647
> pwdMustChange: 2147483647
> displayName: root
> cn: root
> smbHome: \\MY_PDC\homes
> homeDrive: Z:
> scriptPath: logon.cmd
> profilePath: \\MT-PDC\profiles\root
> rid: 1000
> primaryGroupID: 1001
> lmPassword: 639C041927C79D99AAEJKHRJFHKRJKL
> ntPassword: 6E1766AB79DDFHGJDHFJJHBJFHBJRHR
> acctFlags: [UX         ]
>  
> The machine name is also in LDAP like this:
> dn: uid=MYMACHINE$,ou=Machine,dc=virginiabeach,dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaAccount
> uid: MYMACHINE$
> uidNumber: 11014
> gidNumber: 11014
> homeDirectory: /dev/null
> loginShell: /bin/false
> gecos: rid96itlaptop windows machine,,,
> userPassword: {crypt}x
> shadowLastChange: 0
> shadowMax: 0
> shadowWarning: 0
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 2147483647
> pwdMustChange: 2147483647
> displayName: MYMACHINE$
> acctFlags: [W]
> rid: 23028
> primaryGroupID: 23029
> homeDrive: U:
> smbHome: 
> profilePath: 
> scriptPath: logon.cmd
> lmPassword: xxx
> ntPassword: xxx
> cn: MYMACHINE$
>  
> Everything else works, and I am able to log into Linux and a 
> Samba share using a test user authenticating strictly via LDAP.
>  
> Any help is greatly appreciated.  Otherwise I will have no hair left!
>  
> Thanks,
>  
> -- Scott Phelps
>  